A services gateway may be configured to enforce many different policies. The policies may include different authentication types, authorization rules, throttling rules, and/or and traffic swimlanes. The policies enforced for a given client request received at the services gateway may be controlled by a service configuration stored within a services registry. In other words, the services gateway enforces policies based on data of the services registry. The process of generating, testing, and activating policies can be cumbersome and error-prone, requiring both pre-production and production registries, as well as a workflow that includes importing/exporting policy configurations between the two types of registries, and may require a stage to modify variable names in an exported configuration.